Update to 1.4.1
- New upstream release 1.4.1 - Build error with gcrypt backend - Always do "forced" window updates to avoid corner case stalls - aes: the init function fails when OpenSSL has AES support - transport_send: finish in-progress key exchange before sending data - channel_write: acknowledge transport errors - examples/x11.c: make sure sizeof passed to read operation is correct - examples/x11.c: fix suspicious sizeof usage - sftp_packet_add: verify the packet before accepting it - SFTP: preserve the original error code more - sftp_packet_read: adjust window size as necessary - Use safer snprintf rather then sprintf in several places - Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET - sftp_write: cannot return acked data *and* EAGAIN - sftp_read: avoid data *and* EAGAIN - libssh2.h: add missing prototype for libssh2_session_banner_set() - Drop upstream patches now included in release tarball
This commit is contained in:
Paul Howarth
parent
8e8214ab77
commit
e3d0f1a309
|
|
@ -1,28 +0,0 @@
|
|||
From b3ade9a63e881e69b4c9cfe7b5dbad78dcc4a0e0 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Stuge <peter@stuge.se>
|
||||
Date: Wed, 1 Feb 2012 09:53:44 +0100
|
||||
Subject: [PATCH] Fix undefined reference to _libssh_error in libgcrypt
|
||||
backend
|
||||
|
||||
Commit 209de22299b4b58e582891dfba70f57e1e0492db introduced a function
|
||||
call to a non-existing function, and since then the libgcrypt backend
|
||||
has not been buildable.
|
||||
---
|
||||
src/libgcrypt.c | 2 +-
|
||||
1 files changed, 1 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/src/libgcrypt.c b/src/libgcrypt.c
|
||||
index 1bda5ee..5c2787b 100644
|
||||
--- a/src/libgcrypt.c
|
||||
+++ b/src/libgcrypt.c
|
||||
@@ -581,7 +581,7 @@ _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
|
||||
const char *privatekey,
|
||||
const char *passphrase)
|
||||
{
|
||||
- return _libssh_error(session, LIBSSH2_ERROR_FILE,
|
||||
+ return _libssh2_error(session, LIBSSH2_ERROR_FILE,
|
||||
"Unable to extract public key from private key file: "
|
||||
"Method unimplemented in libgcrypt backend");
|
||||
}
|
||||
--
|
||||
1.7.6.1
|
||||
|
|
@ -1,58 +0,0 @@
|
|||
commit cc4f9d5679278ce41cd5480fab3f5e71dba163ed
|
||||
Author: Matthew Booth <mbooth@redhat.com>
|
||||
Date: Fri Mar 16 16:29:00 2012 +0100
|
||||
|
||||
transport_send: Finish in-progress key exchange before sending data
|
||||
|
||||
_libssh2_channel_write() first reads outstanding packets before writing
|
||||
new data. If it reads a key exchange request, it will immediately start
|
||||
key re-exchange, which will require sending a response. If the output
|
||||
socket is full, this will result in a return from
|
||||
_libssh2_transport_read() of LIBSSH2_ERROR_EAGAIN. In order not to block
|
||||
a write because there is no data to read, this error is explicitly
|
||||
ignored and the code continues marshalling a packet for sending. When it
|
||||
is sent, the remote end immediately drops the connection because it was
|
||||
expecting a continuation of the key exchange, but got a data packet.
|
||||
|
||||
This change adds the same check for key exchange to
|
||||
_libssh2_transport_send() that is in _libssh2_transport_read(). This
|
||||
ensures that key exchange is completed before any data packet is sent.
|
||||
|
||||
diff --git a/src/transport.c b/src/transport.c
|
||||
index 057dcf5..95b9a3a 100644
|
||||
--- a/src/transport.c
|
||||
+++ b/src/transport.c
|
||||
@@ -296,7 +296,7 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
|
||||
* is done!
|
||||
*/
|
||||
_libssh2_debug(session, LIBSSH2_TRACE_TRANS, "Redirecting into the"
|
||||
- " key re-exchange");
|
||||
+ " key re-exchange from _libssh2_transport_read");
|
||||
rc = _libssh2_kex_exchange(session, 1, &session->startup_key_state);
|
||||
if (rc)
|
||||
return rc;
|
||||
@@ -687,6 +687,24 @@ int _libssh2_transport_send(LIBSSH2_SESSION *session,
|
||||
const unsigned char *orgdata = data;
|
||||
size_t orgdata_len = data_len;
|
||||
|
||||
+ /*
|
||||
+ * If the last read operation was interrupted in the middle of a key
|
||||
+ * exchange, we must complete that key exchange before continuing to write
|
||||
+ * further data.
|
||||
+ *
|
||||
+ * See the similar block in _libssh2_transport_read for more details.
|
||||
+ */
|
||||
+ if (session->state & LIBSSH2_STATE_EXCHANGING_KEYS &&
|
||||
+ !(session->state & LIBSSH2_STATE_KEX_ACTIVE)) {
|
||||
+ /* Don't write any new packets if we're still in the middle of a key
|
||||
+ * exchange. */
|
||||
+ _libssh2_debug(session, LIBSSH2_TRACE_TRANS, "Redirecting into the"
|
||||
+ " key re-exchange from _libssh2_transport_send");
|
||||
+ rc = _libssh2_kex_exchange(session, 1, &session->startup_key_state);
|
||||
+ if (rc)
|
||||
+ return rc;
|
||||
+ }
|
||||
+
|
||||
debugdump(session, "libssh2_transport_write plain", data, data_len);
|
||||
if(data2)
|
||||
debugdump(session, "libssh2_transport_write plain2", data2, data2_len);
|
||||
|
|
@ -1,60 +0,0 @@
|
|||
From f4f2298ef3635acd031cc2ee0e71026cdcda5864 Mon Sep 17 00:00:00 2001
|
||||
From: Paul Howarth <paul@city-fan.org>
|
||||
Date: Sun, 18 Mar 2012 12:07:27 +0000
|
||||
Subject: [PATCH] aes: the init function fails when OpenSSL has AES support
|
||||
|
||||
The internal init function only worked fine when the configure script
|
||||
didn't detect the OpenSSL AES_CTR function!
|
||||
|
||||
Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0111.shtml
|
||||
Reported by: Paul Howarth
|
||||
---
|
||||
src/openssl.c | 4 +++-
|
||||
src/openssl.h | 6 ------
|
||||
2 files changed, 3 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/src/openssl.c b/src/openssl.c
|
||||
index 40818c0..481982c 100644
|
||||
--- a/src/openssl.c
|
||||
+++ b/src/openssl.c
|
||||
@@ -201,7 +201,7 @@ _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
|
||||
return ret == 1 ? 0 : 1;
|
||||
}
|
||||
|
||||
-#if LIBSSH2_AES_CTR && !defined(HAVE_EVP_AES_128_CTR)
|
||||
+#if LIBSSH2_AES_CTR
|
||||
|
||||
#include <openssl/aes.h>
|
||||
#include <openssl/evp.h>
|
||||
@@ -358,6 +358,8 @@ void _libssh2_init_aes_ctr(void)
|
||||
_libssh2_EVP_aes_256_ctr();
|
||||
}
|
||||
|
||||
+#else
|
||||
+void _libssh2_init_aes_ctr(void) {}
|
||||
#endif /* LIBSSH2_AES_CTR */
|
||||
|
||||
/* TODO: Optionally call a passphrase callback specified by the
|
||||
diff --git a/src/openssl.h b/src/openssl.h
|
||||
index a196184..6d2aeed 100644
|
||||
--- a/src/openssl.h
|
||||
+++ b/src/openssl.h
|
||||
@@ -148,15 +148,9 @@ void libssh2_md5(const unsigned char *message, unsigned long len, unsigned char
|
||||
#define _libssh2_cipher_aes256 EVP_aes_256_cbc
|
||||
#define _libssh2_cipher_aes192 EVP_aes_192_cbc
|
||||
#define _libssh2_cipher_aes128 EVP_aes_128_cbc
|
||||
-#ifdef HAVE_EVP_AES_128_CTR
|
||||
-#define _libssh2_cipher_aes128ctr EVP_aes_128_ctr
|
||||
-#define _libssh2_cipher_aes192ctr EVP_aes_192_ctr
|
||||
-#define _libssh2_cipher_aes256ctr EVP_aes_256_ctr
|
||||
-#else
|
||||
#define _libssh2_cipher_aes128ctr _libssh2_EVP_aes_128_ctr
|
||||
#define _libssh2_cipher_aes192ctr _libssh2_EVP_aes_192_ctr
|
||||
#define _libssh2_cipher_aes256ctr _libssh2_EVP_aes_256_ctr
|
||||
-#endif
|
||||
#define _libssh2_cipher_blowfish EVP_bf_cbc
|
||||
#define _libssh2_cipher_arcfour EVP_rc4
|
||||
#define _libssh2_cipher_cast5 EVP_cast5_cbc
|
||||
--
|
||||
1.7.7.6
|
||||
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
From fed075972080ed705bd79b731c40cf5e73085aeb Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Thu, 15 Mar 2012 13:03:08 +0100
|
||||
Subject: [PATCH] channel_write: acknowledge transport errors
|
||||
|
||||
When draining data off the socket with _libssh2_transport_read() (which
|
||||
in turn has to be done so that we can be sure to have read any possible
|
||||
window-increasing packets), this code previously ignored errors which
|
||||
could lead to nasty loops. Now all error codes except EAGAIN will cause
|
||||
the error to be returned at once.
|
||||
|
||||
Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0068.shtml
|
||||
Reported by: Matthew Booth
|
||||
---
|
||||
src/channel.c | 3 +++
|
||||
1 files changed, 3 insertions(+), 0 deletions(-)
|
||||
|
||||
diff --git a/src/channel.c b/src/channel.c
|
||||
index 8d6fb0a..9e29492 100644
|
||||
--- a/src/channel.c
|
||||
+++ b/src/channel.c
|
||||
@@ -2008,6 +2008,9 @@ _libssh2_channel_write(LIBSSH2_CHANNEL *channel, int stream_id,
|
||||
rc = _libssh2_transport_read(session);
|
||||
while (rc > 0);
|
||||
|
||||
+ if((rc < 0) && (rc != LIBSSH2_ERROR_EAGAIN))
|
||||
+ return rc;
|
||||
+
|
||||
if(channel->local.window_size <= 0)
|
||||
/* there's no room for data so we stop */
|
||||
return (rc==LIBSSH2_ERROR_EAGAIN?rc:0);
|
||||
--
|
||||
1.7.1
|
||||
|
||||
40
libssh2.spec
40
libssh2.spec
|
|
@ -8,18 +8,14 @@
|
|||
%endif
|
||||
|
||||
Name: libssh2
|
||||
Version: 1.4.0
|
||||
Release: 4%{?dist}
|
||||
Version: 1.4.1
|
||||
Release: 1%{?dist}
|
||||
Summary: A library implementing the SSH2 protocol
|
||||
Group: System Environment/Libraries
|
||||
License: BSD
|
||||
URL: http://www.libssh2.org/
|
||||
Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz
|
||||
Patch0: libssh2-1.2.9-utf8.patch
|
||||
Patch1: libssh2-1.4.0-c4a0e0.patch
|
||||
Patch2: libssh2-1.4.0-cc4f9d.patch
|
||||
Patch3: libssh2-1.4.0-f4f229.patch
|
||||
Patch4: libssh2-1.4.0-fed075.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: zlib-devel
|
||||
|
|
@ -69,19 +65,6 @@ developing applications that use libssh2.
|
|||
# Make sure things are UTF-8...
|
||||
%patch0 -p1
|
||||
|
||||
# Fix undefined reference to _libssh_error in libgcrypt (upstream patch)
|
||||
%patch1 -p1
|
||||
|
||||
# Fix libssh2 failing key re-exchange when write channel is saturated
|
||||
# (upstream patch, #804156)
|
||||
%patch2 -p1
|
||||
|
||||
# Don't try to use openssl's AES-CTR functions (upstream patch)
|
||||
%patch3 -p1
|
||||
|
||||
# Don't ignore transport errors in channel_write (upstream patch, #804150)
|
||||
%patch4 -p1
|
||||
|
||||
# Make sshd transition appropriately if building in an SELinux environment
|
||||
chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || :
|
||||
chcon -R $(/usr/sbin/matchpathcon -n /etc) tests/etc || :
|
||||
|
|
@ -143,6 +126,25 @@ rm -rf %{buildroot}
|
|||
%{_libdir}/pkgconfig/libssh2.pc
|
||||
|
||||
%changelog
|
||||
* Thu Apr 5 2012 Paul Howarth <paul@city-fan.org> 1.4.1-1
|
||||
- Update to 1.4.1
|
||||
- Build error with gcrypt backend
|
||||
- Always do "forced" window updates to avoid corner case stalls
|
||||
- aes: the init function fails when OpenSSL has AES support
|
||||
- transport_send: finish in-progress key exchange before sending data
|
||||
- channel_write: acknowledge transport errors
|
||||
- examples/x11.c: make sure sizeof passed to read operation is correct
|
||||
- examples/x11.c: fix suspicious sizeof usage
|
||||
- sftp_packet_add: verify the packet before accepting it
|
||||
- SFTP: preserve the original error code more
|
||||
- sftp_packet_read: adjust window size as necessary
|
||||
- Use safer snprintf rather then sprintf in several places
|
||||
- Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET
|
||||
- sftp_write: cannot return acked data *and* EAGAIN
|
||||
- sftp_read: avoid data *and* EAGAIN
|
||||
- libssh2.h: add missing prototype for libssh2_session_banner_set()
|
||||
- Drop upstream patches now included in release tarball
|
||||
|
||||
* Mon Mar 19 2012 Kamil Dudka <kdudka@redhat.com> 1.4.0-4
|
||||
- Don't ignore transport errors when writing to channel (#804150)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue